Web sites are increasingly under spam attack from automated scripts. “CAPTCHAs” (Completely Automated Public Turing test to tell Computers and Humans Apart) can help Web sites to distinguish between human and machine users by forming a problem that is easy for humans to solve, but difficult for machines to solve.
CAPTCHA can control many automated spam attacks against Web sites, but without careful planning, it can also cause problems.
Because CAPTCHAs rely on perception, users unable to perceive a CAPTCHA (for example, due to a disability or because it is difficult to read) will be unable to perform the task protected by a CAPTCHA.
Prevent Spam Attacks without Using CAPTCHAs
The idea here is setting up a form with a text field which is made invisible by using CSS. After form submission, if that text box has information in it, that means a human didn’t fill it out (because this field is invisible for humans), and the submitted form is simply aborted.
Here are the steps for implementing the methods mentioned above:
- Add an input field to your form, with some interesting name, for example 'URL', or 'Subject'.
<input name="subject" type="text" value=""/>
- Make the input box invisible using CSS so that human users cannot see it directly.
<p class="fstyle"><input name="subject" type="text" value=""/> </p>
- After submission, check the invisible input. If it contains any value, reject the post.
I implemented this method, in a high traffic blog site, the site was catching around 50 spams a day without any spam prevention methods. With this invisible form input method, the site receives 2-3 manually entered spam messages.